IBM Cloud Docs

CM-6 (1) - Automated Central Management / Application / Verification

CM-6 (1) - Automated Central Management / Application / Verification

Control requirements

CM-6 (1) - 0: The organization employs automated mechanisms to centrally manage, apply, and verify configuration settings for [Assignment: organization-defined information system components].

Implementation guidance

See the resources that follow to learn more about how to implement this control.

Compliance monitoring

IBM Cloud for Financial Services profile

The rules related to this control that follow are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.

Check whether DevSecOps Toolchain validates code against Center for Internet Security (CIS) Docker benchmarks to ensure container runtimes are configured securely
Check whether DevSecOps Toolchain deployment has approved change documentation including security impact analysis